April 21st, 2004, 12:15 AM
Routed network topology
Hello, I am trying to fully understand my switched network (2 PCs, 1 switch, 1 router and DSL modem) and find some difficulties with the settings of my router (192.168.0.1), which is accessed via HTTP. (The internet connection is DSL and the router is within the modem, I mean in the same device.) The router has NAT configuration. 1) Can someone explain where the DMZ (demilitarized) zone is supposed to be in such a network and what is the purpose of it? 2) How can I be accessed directly to my LAN IP without requesting anything since the NAT is enabled? 3) Somewhere in the router's configuration menu (Security Policy Configuration) it says external interface, internal along with DMZ. What does it refer to by internal and external? I have many more questions to be answered, I can fill a screen. But I understand finding a detailed tutorial would be the best, anyone??
April 21st, 2004, 05:07 AM
A DMZ is used for machines that you want open to the Inet for the most part but are still secured to some extent. For instance a DMZ is a good place for your webserver and any front-end applications you may have the need for internet access. The DMZ is usually situated as an extension off of your firewall. Either one port or just an extension network. Most DSL routers don't do DMZ stuff so tell me what the equipment is......that'd help.
The rest of your question I can't make out, why don't you try one at a time...
Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
- Samuel Johnson
April 21st, 2004, 05:51 AM
I'm not sure how much sense I can make of anything you said, so I'll write how I understood your questions, along with my answers.
Q1. Where does the DMZ go?
A1. The problem with the internet is that we have SoHo and Corporate Networks and the same terms are used because they mean pretty much the same thing, however the application is slightly different. In a large network you would have, and this is being put quite simply == WAN (INTERNET) --- DMZ --- firewall --- LAN(Private Network) ==
In a home network, where you use a "router" and set up a DMZ, you are really just stating that anything the router doesn't understand / have a destination for is forwarded to that address. Let's say you have three PCs: A, B, and C. You put the IP address for B in the DMZ box on your router's HTTP interface. Computer A has an IRC connection, and the router knows to send all that data to Computer A... Computer C is surfing the net and the router again knows to send that data to Computer C. However, suddenly the router receives a packet bound for port 80; since neither computer A nor B has established a connection that would listen on port 80, the router will forward the packet to its DMZ, in this case Computer B. Everything the router receives that is not implicitly bound for a specific computer is sent to the computer whose IP address you specified in the DMZ.
Q2. I think you are asking how you'd access one of your private IPs behind the router.
A2. You'd either set the IP you wish to access in the DMZ, or you'd enable port forwarding to the Private Address on the specific ports you wish to access. If you had an SSH Server on box X, you would go into port forwarding and put forward External Port 22 to Internal Port 22 on IP address X.
Q3. What do Internal and External mean on the configuration menu?
A3. It's hard to say without seeing the menu, or you telling us what it says. However, it could possibly be used to set up port forwarding, which I mentioned above.
Like KD asked, what router is it you are using? It sounds like a Dlink/Linksys/Netgear POS... and they're usually all pretty much the same. Also I'd suggest you try reading the manual that came with it.
IT Blog: .:Computer Defense:.
(Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".
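The inbound decision described in A1 and A2 above, written out as an added example (not code from any poster or router vendor). The lookup order (existing connection, then port forward, then DMZ host, then drop) and all host addresses are assumptions constructed for illustration; the audit helper shows that a DMZ host receives every port that is not otherwise claimed.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class HomeRouter:
    """Toy model of how a SoHo NAT router decides where an inbound packet goes."""
    dmz_host: Optional[str] = None
    port_forwards: dict = field(default_factory=dict)  # (proto, ext_port) -> (lan_ip, lan_port)
    nat_table: dict = field(default_factory=dict)      # (proto, ext_port, remote_ip, remote_port) -> (lan_ip, lan_port)

    def outbound(self, proto, lan_ip, lan_port, remote_ip, remote_port):
        # A LAN host opening a connection creates the mapping that lets replies back in.
        # Simplification: the external port equals the LAN source port.
        self.nat_table[(proto, lan_port, remote_ip, remote_port)] = (lan_ip, lan_port)

    def inbound(self, proto, ext_port, remote_ip, remote_port):
        """Return (reason, lan_ip, lan_port) for a packet arriving on the WAN side."""
        flow = (proto, ext_port, remote_ip, remote_port)
        if flow in self.nat_table:                      # 1. reply to an existing connection
            return ("established",) + self.nat_table[flow]
        if (proto, ext_port) in self.port_forwards:     # 2. explicit port-forward rule
            return ("port-forward",) + self.port_forwards[(proto, ext_port)]
        if self.dmz_host:                               # 3. everything else goes to the DMZ host
            return ("dmz-host", self.dmz_host, ext_port)
        return ("drop", None, None)                     # 4. no DMZ host: unsolicited traffic is dropped

    def unsolicited_exposure(self, proto, ports):
        """Audit helper: which LAN host an unsolicited packet to each port would reach."""
        probe = ("192.0.2.1", 50000)  # constructed remote endpoint with no NAT state
        return {p: self.inbound(proto, p, *probe)[1] for p in ports}

def build_example():
    # Constructed addresses: A = .10 (IRC client), B = .11 (DMZ host),
    # C = .12 (web browsing), X = .20 (SSH server behind a port forward).
    r = HomeRouter(dmz_host="192.168.0.11")
    r.port_forwards[("tcp", 22)] = ("192.168.0.20", 22)
    r.outbound("tcp", "192.168.0.10", 51000, "198.51.100.7", 6667)
    r.outbound("tcp", "192.168.0.12", 52000, "203.0.113.9", 80)
    return r

if __name__ == "__main__":
    r = build_example()
    print(r.inbound("tcp", 51000, "198.51.100.7", 6667))  # IRC reply goes back to A
    print(r.inbound("tcp", 80, "192.0.2.1", 50000))       # unsolicited port 80 lands on B
    print(r.unsolicited_exposure("tcp", [22, 80, 445]))
```

With `dmz_host` set to `None`, the same unsolicited packets are dropped and only the forwarded port 22 remains reachable.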
April 21st, 2004, 12:02 PM
Thanks guys, I'll try to refine my questions so that I will get the right answers. I'll post one question every time. Thanks.